Vulnerabilities > CVE-2020-5774 - Insufficient Session Expiration vulnerability in Tenable Nessus

CVSS 3.6 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

local

low complexity

tenable

CWE-613

NVD

Published: 2020-08-21

Updated: 2020-08-28

Summary

Nessus versions 8.11.0 and earlier were found to maintain sessions longer than the permitted period in certain scenarios. The lack of proper session expiration could allow attackers with local access to login into an existing browser session.

Vulnerable Configurations

Part	Description	Count
Application	Tenable Tenable Nessus 4.4.1.15078 Tenable Nessus 5.2.0 Tenable Nessus 5.2.1 Tenable Nessus 5.2.2 Tenable Nessus 5.2.3 Tenable Nessus 5.2.4 Tenable Nessus 5.2.5 Tenable Nessus 5.2.6 Tenable Nessus 5.2.7 Tenable Nessus 5.2.8 Tenable Nessus 5.2.9 Tenable Nessus 5.2.10 Tenable Nessus 5.2.11 Tenable Nessus 5.2.12 Tenable Nessus 6.0.0 Tenable Nessus 6.0.1 Tenable Nessus 6.0.2 Tenable Nessus 6.1.0 Tenable Nessus 6.1.1 Tenable Nessus 6.1.2 Tenable Nessus 6.2.0 Tenable Nessus 6.2.1 Tenable Nessus 6.3.0 Tenable Nessus 6.3.1 Tenable Nessus 6.3.2 Tenable Nessus 6.3.3 Tenable Nessus 6.3.4 Tenable Nessus 6.3.5 Tenable Nessus 6.3.6 Tenable Nessus 6.3.7 Tenable Nessus 6.4.0 Tenable Nessus 6.4.1 Tenable Nessus 6.4.2 Tenable Nessus 6.4.3 Tenable Nessus 6.5.0 Tenable Nessus 6.5.1 Tenable Nessus 6.5.2 Tenable Nessus 6.5.3 Tenable Nessus 6.5.4 Tenable Nessus 6.5.5 Tenable Nessus 6.5.6 Tenable Nessus 6.6.0 Tenable Nessus 6.6.1 Tenable Nessus 6.6.2 Tenable Nessus 6.7 Tenable Nessus 6.7.0 Tenable Nessus 6.8 Tenable Nessus 6.8.0 Tenable Nessus 6.8.1 Tenable Nessus 6.8.2 Tenable Nessus 6.9 Tenable Nessus 6.9.0 Tenable Nessus 6.9.1 Tenable Nessus 6.9.2 Tenable Nessus 6.9.3 Tenable Nessus 6.10.0 Tenable Nessus 6.10.1 Tenable Nessus 6.10.2 Tenable Nessus 6.10.3 Tenable Nessus 6.10.4 Tenable Nessus 6.10.5 Tenable Nessus 6.10.6 Tenable Nessus 6.10.7 Tenable Nessus 6.10.8 Tenable Nessus 6.10.9 Tenable Nessus 6.11.0 Tenable Nessus 6.11.1 Tenable Nessus 6.11.2 Tenable Nessus 6.11.3 Tenable Nessus 6.12.0 Tenable Nessus 6.12.1 Tenable Nessus 7.0.0 Tenable Nessus 7.0.1 Tenable Nessus 7.0.2 Tenable Nessus 7.0.3 Tenable Nessus 7.1.0 Tenable Nessus 7.1.1 Tenable Nessus 7.1.2 Tenable Nessus 7.1.3 Tenable Nessus 7.1.4 Tenable Nessus 7.1.5 Tenable Nessus 7.2.0 Tenable Nessus 7.2.1 Tenable Nessus 7.2.2 Tenable Nessus 7.2.3 Tenable Nessus 8.0.0 Tenable Nessus 8.0.1 Tenable Nessus 8.1.0 Tenable Nessus 8.1.1 Tenable Nessus 8.1.2 Tenable Nessus 8.2.0 Tenable Nessus 8.2.1 Tenable Nessus 8.2.2 Tenable Nessus 8.2.3 Tenable Nessus 8.3.0 Tenable Nessus 8.3.1 Tenable Nessus 8.3.2 Tenable Nessus 8.4.0 Tenable Nessus 8.5.0 Tenable Nessus 8.5.1 Tenable Nessus 8.5.2 Tenable Nessus 8.6.0 Tenable Nessus 8.7.0 Tenable Nessus 8.7.1 Tenable Nessus 8.7.2 Tenable Nessus 8.8.0 Tenable Nessus 8.9.0 Tenable Nessus 8.9.1 Tenable Nessus 8.10.0 Tenable Nessus 8.10.1 Tenable Nessus 8.11.0	111

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

References

https://www.tenable.com/security/tns-2020-06